Sunday, June 13, 2004

Critical security flaw in Oracle SW

A US based security firm Integrity hired by the US anti-terror government department, Homeland Security (DHS) has warned of critical security vulnerabilities in Oracle software. Said an online report.

According to DHS serious problems can occur if a user tries to access the unpatched version of the database software using a Web browser. The report said unpatched version of databases were 'vulnerable to SQL injection attacks.'

DHS has warned that this vulnerability can harm the underlying operating system as well as data integrity.

Currently, the flaw has been found in Oracle E-Business Suite 11i and 11.5.1 through 11.5.8 and all releases of Oracle 11. Versions 11.5.9 onwards have not shown any such defect.

This looks like a critical problem as many key government departments as well as organizations worldwide use Oracle's products. However, the database giant has taken remedial action by releasing a patch for the same.

No comments: